CVE-2023-52161
HIGH
iNet wireless daemon < 2.14 - Improper Authentication via EAPOL Handshake Bypass
Title source: llmDescription
The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key.
References (13)
Core References
Product
https://iwd.wiki.kernel.org/
Third Party Advisory
https://www.top10vpn.com/research/wifi-vulnerabilities/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FOQ6VEE3CPJAQLMMGMLCYDGWHVG7UCJI/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TL2CFNWBL2E6AT2SIY2PR3IAWVCDYJZQ/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZTPXEPTMASG37NDGAQMH2OTM6OPIP5A/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTPXEPTMASG37NDGAQMH2OTM6OPIP5A/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TL2CFNWBL2E6AT2SIY2PR3IAWVCDYJZQ/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOQ6VEE3CPJAQLMMGMLCYDGWHVG7UCJI/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYRPQ3OLV3GGLUCDYWBHU34DLBLM62XJ/
Scores
CVSS v3: 7.5
EPSS: 0.0095
EPSS Percentile: 76.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-287
Status: published
Products (1)
intel/inet_wireless_daemon < 2.14
Published: Feb 22, 2024
Tracked Since: Feb 18, 2026